fw unloadlocal

Description

Uninstalls all policies from the Security Gateway or Cluster Member.

Warning

The fw unloadlocal command prevents all traffic from passing through the Security Gateway (Cluster Member), because it disables the IP Forwarding in the Linux kernel on the Security Gateway (Cluster Member).
The fw unloadlocal command removes all policies from the Security Gateway (Cluster Member). This means that the Security Gateway (Cluster Member) accepts all incoming connections destined to all active interfaces without any filtering or protection enabled.

Notes

If you need to remove the current policy, but keep the Security Gateway (Cluster Member) protected, then run the comp_init_policy command on the Security Gateway (Cluster Member).
To load the policies on the Security Gateway (Cluster Member), run one of these commands on the Security Gateway (Cluster Member), or reboot:
- fw fetch
- cpstart
In addition, see the fwm unload command.

Syntax

fw [-d] unloadlocal

Parameters

Parameter	Description
`-d`	Runs the command in debug mode. Use only if you troubleshoot the command itself.

Example

[Expert@MyGW:0]# cpstat -f policy fw

Product name: Firewall

Policy name: My_Policy

Policy install time: Tue Oct 23 18:23:14 2018

... ... ...

[Expert@MyGW:0]#

[Expert@MyGW:0]# sysctl -a | grep forwarding | grep -v bridge

net.ipv6.conf.bond0.forwarding = 1

net.ipv6.conf.eth1.forwarding = 1

net.ipv6.conf.eth3.forwarding = 1

net.ipv6.conf.eth2.forwarding = 1

net.ipv6.conf.eth4.forwarding = 1

net.ipv6.conf.eth5.forwarding = 1

net.ipv6.conf.eth0.forwarding = 1

net.ipv6.conf.eth6.forwarding = 1

net.ipv6.conf.default.forwarding = 1

net.ipv6.conf.all.forwarding = 1

net.ipv6.conf.lo.forwarding = 1

net.ipv4.conf.bond0.mc_forwarding = 0

net.ipv4.conf.bond0.forwarding = 1

net.ipv4.conf.eth1.mc_forwarding = 0

net.ipv4.conf.eth1.forwarding = 1

net.ipv4.conf.eth2.mc_forwarding = 0

net.ipv4.conf.eth2.forwarding = 1

net.ipv4.conf.eth0.mc_forwarding = 0

net.ipv4.conf.eth0.forwarding = 1

net.ipv4.conf.lo.mc_forwarding = 0

net.ipv4.conf.lo.forwarding = 1

net.ipv4.conf.default.mc_forwarding = 0

net.ipv4.conf.default.forwarding = 1

net.ipv4.conf.all.mc_forwarding = 0

net.ipv4.conf.all.forwarding = 1

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw unloadlocal

Uninstalling Security Policy from all.all@MyGW

Done.

[Expert@MyGW:0]#

[Expert@MyGW:0]# cpstat -f policy fw

Product name: Firewall

Policy name:

Policy install time:

... ... ...

[Expert@MyGW:0]#

[Expert@MyGW:0]# sysctl -a | grep forwarding | grep -v bridge

net.ipv6.conf.bond0.forwarding = 0

net.ipv6.conf.eth1.forwarding = 0

net.ipv6.conf.eth3.forwarding = 0

net.ipv6.conf.eth2.forwarding = 0

net.ipv6.conf.eth4.forwarding = 0

net.ipv6.conf.eth5.forwarding = 0

net.ipv6.conf.eth0.forwarding = 0

net.ipv6.conf.eth6.forwarding = 0

net.ipv6.conf.default.forwarding = 0

net.ipv6.conf.all.forwarding = 0

net.ipv6.conf.lo.forwarding = 0

net.ipv4.conf.bond0.mc_forwarding = 0

net.ipv4.conf.bond0.forwarding = 0

net.ipv4.conf.eth1.mc_forwarding = 0

net.ipv4.conf.eth1.forwarding = 0

net.ipv4.conf.eth2.mc_forwarding = 0

net.ipv4.conf.eth2.forwarding = 0

net.ipv4.conf.eth0.mc_forwarding = 0

net.ipv4.conf.eth0.forwarding = 0

net.ipv4.conf.lo.mc_forwarding = 0

net.ipv4.conf.lo.forwarding = 0

net.ipv4.conf.default.mc_forwarding = 0

net.ipv4.conf.default.forwarding = 0

net.ipv4.conf.all.mc_forwarding = 0

net.ipv4.conf.all.forwarding = 0

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw fetch localhost

Installing Security Policy My_Policy on all.all@MyGW

Fetching Security Policy from localhost succeeded

[Expert@MyGW:0]#